PT-2025-51929 · Churchcrm · Churchcrm

Xy20130630

Publicado

2025-12-17

Atualizado

2025-12-20

CVE-2025-68111

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3

Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the MissingEgive FamID ... POST parameter. This can lead to unauthorized data access, modification, or deletion within the database.

Recommendations Update to version 6.5.3 or later.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-68111

GHSA-C4VM-87VF-HMX9

Produtos afetados

Churchcrm

PT-2025-51929 · Churchcrm · Churchcrm

CVE-2025-68111

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6